Skip to main content

PAN-OS EUVD-2026-36148

| CVE-2026-0272 MEDIUM
Missing Authorization (CWE-862)
2026-06-10 palo_alto GHSA-ww95-gf5v-mgrr
Privilege Escalation Authentication Bypass Paloalto
6.0
CVSS 4.0 · Vendor: palo_alto
Share

Severity by source

Vendor (palo_alto) PRIMARY
6.0 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber
vuln.today AI
6.5 MEDIUM

Network-accessible CLI justifies AV:N; existing admin account required means PR:H; root escalation yields full C:H and I:H with no stated availability impact.

3.1 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
4.0 AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (palo_alto).

CVSS VectorVendor: palo_alto

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

3
Patch available
Jun 10, 2026 - 23:01 EUVD
Analysis Generated
Jun 10, 2026 - 22:03 vuln.today
CVE Published
Jun 10, 2026 - 21:01 cve.org
MEDIUM 6.0

DescriptionCVE.org

A privilege escalation vulnerability in Palo Alto Networks PAN-OS® software allows an authenticated administrator with access to the Command Line Interface (CLI) to perform actions on the device with root privileges.

The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators and by restricting access to the management interface to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .

This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series).

Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.

AnalysisAI

Privilege escalation in Palo Alto Networks PAN-OS on PA-Series and VM-Series firewalls and Panorama appliances allows an authenticated CLI administrator to perform operations at the root OS level, bypassing intended privilege boundaries through a missing authorization control (CWE-862). The risk is substantially gated by the requirement for existing administrative CLI access (CVSS PR:H), making insider threats and compromised admin credentials the primary real-world attack paths. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain or compromise admin credentials
Delivery
Authenticate to PAN-OS CLI via SSH
Exploit
Execute crafted CLI commands
Execution
Trigger missing authorization flaw (CWE-862)
Persist
Gain root OS shell
Impact
Exfiltrate keys or install persistent backdoor
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Exploitation requires an existing authenticated PAN-OS administrator account with CLI access - CVSS PR:H explicitly confirms high privilege is required, and the description limits scope to administrators with CLI access specifically. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 6.0 with PR:H accurately reflects that exploitation is gated behind existing administrative authentication, sharply limiting the realistic attacker pool to insiders, compromised-credential scenarios, or supply chain threats. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A malicious insider or an attacker who has separately compromised a PAN-OS administrator account authenticates to the management CLI via SSH and executes crafted commands that trigger the missing authorization check, obtaining a root shell on the underlying operating system. With root access, the attacker can exfiltrate VPN private keys, decrypt captured traffic, harvest stored credentials, or install kernel-level persistence mechanisms invisible to PAN-OS configuration audits. …
Remediation Consult the Palo Alto Networks security advisory at https://security.paloaltonetworks.com/CVE-2026-0272 for confirmed patched version details, as exact fix versions are not independently verified in available intelligence. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-0273 MEDIUM
6.1 Jun 10

Command injection in Palo Alto Networks PAN-OS enables an authenticated administrator to escape system-enforced restrict
CVE-2026-0271 MEDIUM
5.9 Jun 10

Privilege escalation in Palo Alto Networks Prisma Access Agent on Linux allows a locally authenticated low-privileged us
CVE-2026-0270 MEDIUM
4.8 Jun 10

Path traversal in Palo Alto Networks Cortex XSOAR engine on Linux enables arbitrary file write to the host system by an

CVE-2026-0269 MEDIUM
4.6 Jun 10

Memory corruption in PAN-OS tunnel traffic processing allows an authenticated, adjacent-network attacker to force the fi
CVE-2026-0267 MEDIUM
4.4 Jun 10

GlobalProtect app on macOS exposes administrator-configured passcodes - used to restrict disabling, disconnecting, or un

Share

EUVD-2026-36148 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy